elastic 7.x support #1061
elastic 7.x support #1061
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
|
FWIW, I've been running this branch in my QA environment, and it has been behaving properly. |
|
@tylerjl Any update on this? Unsure if I should proceed to install 6 if 7 will be released soon... :) |
|
Any contribution mention for this ?? #1040 |
|
Is there anything preventing this being merged? I am keen to use the functionality |
|
@tylerjl I am also eagerly waiting on official word regarding 7.x support. |
|
this PR is giving me this error:
I think you have to set all xpack.security.http in addition to xpack.security.transport |
You need to set elasticsearch::xpack: true This requires ca_certificate, certificate and private_key to be configured. This will add all required xpack settings to the config file. |
|
I did |
|
Set elasticsearch::instance::ssl to false. |
|
but this will disable http client -> elasticsearch tls communication and I want that. you just have to also set where you set Documentation: |
This is indeed needed, otherwise it tries to load the keystore that is not used on this PR. I think the only thing this needs, is the xpack.security.http.ssl.* in addition to the xpack.security.transport.* |
manifests/instance.pp
Outdated
| @@ -440,13 +444,51 @@ | |||
| } | |||
| } | |||
|
|
|||
| if $xpack { | |||
| if (($ca_certificate == undef) and ($certificate == undef) and ($private_key == undef)) { | |||
There was a problem hiding this comment.
Shouldn't these be or instead of and ... or != undef ?
The way this is written, if any of them are defined, it will skip by this error check, it will only catch if all three are undef.
There was a problem hiding this comment.
Good spot, it would be better to use or.
manifests/instance.pp
Outdated
| @@ -290,8 +294,8 @@ | |||
| $tls_config = { | |||
| 'xpack.security.transport.ssl.enabled' => true, | |||
| 'xpack.security.http.ssl.enabled' => true, | |||
| 'xpack.ssl.keystore.path' => $_keystore_path, | |||
| 'xpack.ssl.keystore.password' => $keystore_password, | |||
| 'xpack.http.ssl.keystore.path' => $_keystore_path, | |||
There was a problem hiding this comment.
Are these options backwards compatible? Otherwise there should probably be a check on the major version and a switch between these two configurations?
There was a problem hiding this comment.
We had to add a check for major version on our cluster settings... this may be useful:
$es_major_version = $elasticsearch::version.split(/\./)[0] # 7.5.1 -> 7
There was a problem hiding this comment.
This has been added for ssl section
| -Djna.nosys=true. | ||
| -Dlog4j.shutdownHookEnabled=false. | ||
| -Dlog4j2.disable.jmx=true. | ||
| -XX:\+AlwaysPreTouch. | ||
| -XX:\+HeapDumpOnOutOfMemoryError. | ||
| -XX:\+PrintGCDateStamps. | ||
| -XX:\+PrintGCDetails. | ||
| -XX:\+PrintTenuringDistribution. | ||
| -XX:\+UseCMSInitiatingOccupancyOnly. | ||
| -XX:\+UseConcMarkSweepGC. |
There was a problem hiding this comment.
I realize that the test isn't the only change but the point was the -XX:+UseConcMarkSweepGC should have an 8: prefix as it was deprecated in 9.
|
Really need this feature too. Anything I could help with? |
I took the code from this pull request and added the changes I mentioned above. I also had to modify my "profile" code to form the cluster with the new parameters. It is working for us. I figured @uberjew666 would make the changes I suggested so that it could hopefully be merged, but I can re-submit if they are unable to. Tommy |
|
@TJM Sorry, I've not had much time to work on this. Luckily, this module is required for a project I'm working on so I will try and get the amendments sorted and pushed soon. |
|
@TJM @uberjew666 Any news on this? Can I help somehow? |
|
@Antiarchitect I just pushed the version we are using internally: https://github.com/TJM/puppet-elasticsearch/tree/es7-fix |
|
@TJM Thank you so much! Anyway, I and my team have some time. So I'll wait this merged into master. |
|
Hi there, Firstly, thank you for taking the time to contribute, and apologies for the radio silence from Elastic on this PR. I'm going to be working on this module over the next few weeks, with an ultimate aim of updating the module to support the elasticsearch 7.x and simplifying the module to make it easier to use. I'll be reviewing all the open issues and PRs over the next few days, and will merge or provide feedback where appropriate. So please hang in there whilst we give this module some TLC. Thanks again. |
|
Author of the following commits did not sign a Contributor Agreement: Please, read and sign the above mentioned agreement if you want to contribute to this project |
- Update JVM startup options - Add node name to log4j2.properties - Rename augeas resource to prevent dependency loop - Add boolean to enable/disable xpack and required features - Add self to contributors list - Add check for required certificate variables - Add version check for xpack related settings Maintains backwards compatibility - Resolve variable scope warnings - Update unit tests - Remove ubuntu 14.04 acceptance tests - Not supported https://www.elastic.co/support/matrix
|
Any progress on this, guys? |
|
@uberjew666 looks like you have conflicts within your branch. |
|
Since there is no progress in here I have created a new PR which is rebased: #1082 |
|
Elasticsearch 7 support has been added. See #1068 (comment) Thanks |
https://www.elastic.co/support/matrix
Fixes:
Pull request acceptance prerequisites: